Date: Wed, 12 Jan 2011 15:01:01 +0000
From: krad <kraduk@gmail.com>
To: Frank Bonnet <f.bonnet@esiee.fr>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: protect a single interface with IPFW ?
Message-ID: <AANLkTikLHn=6t3WvuQvdjUGYXobqTwa7YZyfsoJym=ND@mail.gmail.com>
In-Reply-To: <4D2DBF12.3050809@esiee.fr>
References: <4D2DBF12.3050809@esiee.fr>
On 12 January 2011 14:47, Frank Bonnet <f.bonnet@esiee.fr> wrote:

> Hello
>
> is it possible to protect a single interface with IPFW
> my server has only one interface and I want to
> allow only SSH LDAP LDAPS
>
> thanks for any examples
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

something like this

add pass all from any to any via lo0
add pass tcp from w.x.y.z to any 22 in via $int keep-state
add pass tcp from w.x.y.z to any 389 in via $int keep-state
add deny ip from any to any

or for pf (better in my opinion)

table <sshhosts> const { hosta, hostb, ... }
table <ldaphosts> const { hosta, hostb, ... }
set skip on lo0
block all
pass in quick proto tcp from <sshhosts> to any port ssh synproxy state
pass in quick proto tcp from <ldaphosts> to any port ldap synproxy state